TheCloneArmy/crater
1
0
Fork 1
mirror of https://github.com/crater-invoice/crater.git synced 2025-10-30 13:11:08 -04:00
Code Issues Packages Projects Releases Wiki Activity

Unrestricted php file upload fix (#681)

Browse Source 
https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db/
This commit is contained in:
theWorstComrade
2021-12-29 13:33:20 +01:00
committed by GitHub
parent c9d0a63854
commit cdc913d16c
7 changed files with 176 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
app/Http/Requests/AvatarRequest.php Normal file
View File

@ -0,0 +1,40 @@
<?php
namespace Crater\Http\Requests;
use Crater\Rules\Base64Mime;
use Illuminate\Foundation\Http\FormRequest;
class AvatarRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'admin_avatar' => [
'nullable',
'file',
'mimes:gif,jpg,png',
'max:20000'
],
'avatar' => [
'nullable',
new Base64Mime(['gif', 'jpg', 'png'])
]
];
}
}

34
app/Http/Requests/CompanyLogoRequest.php Normal file
View File

@ -0,0 +1,34 @@
<?php
namespace Crater\Http\Requests;
use Crater\Rules\Base64Mime;
use Illuminate\Foundation\Http\FormRequest;
class CompanyLogoRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'company_logo' => [
'nullable',
new Base64Mime(['gif', 'jpg', 'png'])
]
];
}
}

6
app/Http/Requests/ExpenseRequest.php
View File

@ -51,6 +51,12 @@ class ExpenseRequest extends FormRequest
'currency_id' => [
'required'
],
'attachment_receipt' => [
'nullable',
'file',
'mimes:jpg,png,pdf,doc,docx,xls,xlsx,ppt,pptx',
'max:20000'
]
];
if ($companyCurrency && $this->currency_id) {